<?php
ob_start();

error_reporting(0);

require_once("includes/dbconfig.php");
require_once("includes/functions.php");
require_once("includes/settings.php");






 $BUSINESS_EMAIL = BUSINESS_PAYPAL_EMAIL ;

 $parameters = 'cmd=_notify-validate';



  while (list($key, $value) = each($_POST)) {

    $parameters .= '&' . $key . '=' . urlencode(stripslashes($value));

  }







   $testMode = 0;



  if ($testMode == 1) {

   $server = 'www.sandbox.paypal.com';

  } else {

   $server = 'www.paypal.com';   

  }



  $fsocket = false;

  $curl = false;

  $result = false;



  if ($fp = @fsockopen('ssl://' . $server, 443, $errno, $errstr, 30) ) {

    $fsocket = true;

  } elseif (function_exists('curl_exec')) {

    $curl = true;

  } elseif ($fp = @fsockopen($server, 80, $errno, $errstr, 30)) {

    $fsocket = true;

  }



  if ($fsocket == true) {

    $header = 'POST /cgi-bin/webscr HTTP/1.0' . "\r\n" .

              'Host: ' . $server . "\r\n" .

              'Content-Type: application/x-www-form-urlencoded' . "\r\n" .

              'Content-Length: ' . strlen($parameters) . "\r\n" .

              'Connection: close' . "\r\n\r\n";



    @fputs($fp, $header . $parameters);



    $string = '';

    while (!@feof($fp)) {

      $res = @fgets($fp, 1024);

      $string .= $res;



      if ( ($res == 'VERIFIED') || ($res == 'INVALID') ) {

        $result = $res;



        break;

      }

    }



    @fclose($fp);

  } elseif ($curl == true) {

    $ch = curl_init();



    curl_setopt($ch, CURLOPT_URL, 'https://' . $server . '/cgi-bin/webscr');

    curl_setopt($ch, CURLOPT_POST, true);

    curl_setopt($ch, CURLOPT_POSTFIELDS, $parameters);

    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

    curl_setopt($ch, CURLOPT_HEADER, false);

    curl_setopt($ch, CURLOPT_TIMEOUT, 30);

    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);



    $res = curl_exec($ch);



    curl_close($ch);

  }





require_once("classes/class.email.php");

require_once("classes/class.premium_user.php"); //include user class

		

if (strcmp ($res, "VERIFIED") == 0) {



  switch($_POST['payment_status'])

  {

  

	  case "Completed":

  

	  // check that receiver_email is admin's Primary PayPal email

	  if($_POST['receiver_email']!==trim($BUSINESS_EMAIL)){

		  exit;

	  }	

	  

	  

	  $check_duplicate = mysql_query("SELECT txn_id FROM paypal_payments WHERE txn_id = '".makesafe($_POST['txn_id'])."'");	

	  if(mysql_num_rows($check_duplicate) == 0)

	  {

 	  

          //create account, and add txn id to paypal payments table

		  @mysql_query("INSERT INTO paypal_payments VALUES (NULL, '".makesafe($_POST['txn_id'])."', '".makesafe($_POST['item_name'])."', '".makesafe($_POST['payer_email'])."', '".makesafe($_POST['payment_gross'])."', NOW())");

		  

		 $package_name = makesafe($_POST['item_name']); 

		 $package_id = getPackageIdByName($package_name);

		 $cost =  getPackageCost($package_id);

		

		 if($cost != $_POST['payment_gross'])

		 {

		    //Payment is less then package cost;

			exit;	 

		 }

		 

		 

		 if(!getPackageIdByName($package_name))

		 {

			   die("Unknown Package Signup!");	

		 }		

		  

		

		$email = $_POST['payer_email'];

		 

		if(PremiumUser::emailExists($email))

		{

           

			@mysql_query("DELETE FROM premium_accounts WHERE email_address = '".makesafe($email)."' LIMIT 1");	

			

		}	

		

		$expiry_date = calculateExpiry($package_id);	 

		

		if(!$expiry_date)

		{

            //expiry date cant be calculated.

			return;

		}		

		  



      $user = new PremiumUser();

	  $user->email_address = $email;

	  $user->password = substr(md5(strtotime('now')), 3, rand(6,8));

	  $user->package_id = $package_id;

	  $user->package_name = getPackageById($package_id);

	  $user->expiry_date = $expiry_date;

	  $user->active = 1;

	  

	 

	  if($user->save())

	  {

		  //credit the file uploader if any

		  if(!empty($_POST['invoice']))

		  {

		      $_INV = makesafe($_POST['invoice']);	  

			  $_INV = explode("-",$_INV);

			  $fileCode = $_INV[0];

			  

			  

			  $uploader = getUploaderIdByFileCode($fileCode);

			  $commission = (PREMIUM_RATE / 100) * $cost;

			  

			if(!empty($commission) && !empty($uploader))

			{

				  if(mysql_query("UPDATE users SET balance=balance+".$commission." WHERE uid='".$uploader."'")){

 				  @mysql_query("INSERT INTO `earnings_log` VALUES(NULL, '$uploader', '$fileCode', '0', '0', 'NULL', '$commission', 'Premium Signup', NOW(), 'NULL')");

				  }			 

		  

		    }

		

		  }

		    return;

	  }else

	  {

		  die( "An error occured while creating an account. ");

		  return;

	  }	  		  

		  

	  

	  }else

	  {

          //Txn id has been used in past

		  exit;

	  }

	  

	  

	  break;

  

  

  }    

  









} elseif (strcmp ($res, "INVALID") == 0) {



	exit;

}

	







?>